When Your Email is Hacked and You Are the Last to Know

In this age of convenience and innovation, most of us take advantage of all the technology available to us. Seldom do we think about the downside of that convenience—hacking, the “Dark Web,” stolen identities, and legitimate-looking emails from adept, fraudulent sources.

One of the most concerning forms of fraudulent communication is wire instructions that appear to be sent by a representative with whom a consumer is actively working. A common scenario often plays out like this:

  • A prospective home buyer is working with a title agency in the process of purchasing a new home.
  • The buyer establishes a contact at the title company who guides them through the steps of the transaction. What neither party knows is that the email servers of the title company have been compromised, and hackers are watching the email exchanges between the two parties.
  • When the timing seems appropriate, hackers send an email that appears to be from the title company, outlining wire instructions and perhaps requesting a down payment.
  • Since the consumer is expecting a request to wire funds at some point in the process, they comply without question. Furthermore, the title company has no ability to view the email correspondence, so they have no idea money has been wired to somewhere it will, most likely, never be retrieved.

The result is extremely detrimental for both parties. The consumer has possibly lost a lifetime of savings, and the title company is blamed for unwittingly facilitating the heist. Years of stellar reputation and hard work by the title company can be erased by a single incident.

From our perspective, this scenario is especially concerning because there is currently no insurance product that provides a failsafe for this sort of theft. Coverage for fraudulent wire transfers is available, but it only applies if an employee of the insured title company is duped into wiring funds to the wrong account. Coverage does not apply to consumers wiring their own funds to the wrong account. From the perspective of a title company’s insurers, if the money was never in your account, you are not responsible for it. Just as you cannot insure a house you do not own, you cannot typically insure funds that are not in your possession.

This creates a concerning issue for companies. There is a very real exposure to business loss that must be retained (i.e., it is a risk you need to accept and prepare for). Because there is no insurance, companies must be especially careful to educate their clients about the dangers of fraudulent wire instructions. What will that look like for your company?

Here are a few options you might consider.

  • Be sure all wire transfer instructions are verbally verified using a known phone number, not the phone number listed in the wiring instructions.
  • Have a procedure that informs all new clients of the risk of fraudulent wire instructions. Urge them to verbally verify any wire instructions they receive. Bear in mind that any hackers monitoring the email exchange will see your procedure and potentially modify their scam accordingly.
  • Revise your phone system’s “On Hold” message to include reminders about fraudulent wire instructions. Even if this has already been communicated, consumers may not have considered this detail during what can often be a hectic process.
  • Hold regular seminars and send periodic email blasts that go to your associates and business partners, as well as others who refer business to you.
  • Have up-to-date firewall and IT support. Encrypt your emails. If your email account is the one that is hacked, you may be more likely to be dragged into litigation over lost funds.

Keep in mind that none of these suggestions, in and of itself, is sufficient to stop the threat of fraudulent wire transfer instructions. Your management, sales, and IT teams must work together to develop a verification system that works for your business. This is a situation where regular preventative action goes a long way toward keeping your business from a financial and public relations catastrophe.

What are you doing to educate consumers? What verification procedures are you using? We love to receive feedback and suggestions from our readers. Contact a Merriam Insurance agent to learn more.

James Dick, CPCU, AAI

Sales Manager at Merriam Insurance Agency
376 Broadway
Schenectady, New York 12305

(877) MERRIAM x 219
(877) 637-7426 x 219
